For the first time in 2019, there will be three major international exhibitions to be held alongside in parallel covering the different sectors of industry - ARCHITECTURAL& BUILDING WEEK, WATER TECH EXPO and SECURITY EXPO. From 6 to 9 March, they will combine the topics of construction, water management, energy and security.

Inter Expo Center will be an arena of new technologies and solutions starting from design and building, through resource management, up to security at all levels - physical and digital, at the office and at home.

The largest ARCHITECTURAL&CONSTRUCTION WEEK in a decade

After the new concept was announced in 2018, this year’s edition of ARCHITECTURAL&BUILDING WEEK will be the largest in a decade. Between 6-9 March , companies from Bulgaria, Germany, Italy, England, Poland, China, Romania, Turkey, Iran will position their own stand at the business forum. At an exhibition of over 8500 sq.m., they will present machinery, products, technologies and ideas. The exhibition halls have been divided into sectors according to the companies’ fields of business: "Interior finishing works", "Doors, windows, facades and profiles" and "Carcassing and exterior finishing works".

On March 7, at 13:00, will take place the official opening of the Round Table related to the subject of legislation on the construction sectors and engineering in public interest. The list of invited guests at the ceremony includes the Minister of Regional Development and Public Works Petya Avramova, the Mayor of Sofia Municipality - Yordanka Fandakova, Arch. Zdravko Zdravkov - Chief Architect of Sofia Municipality, Arch. Ivan Nestorov - Head of the Central Administration of the National Construction Control Directorate.

The visitors will be introduced to high technology in building machinery and tools, windows, varnishes and paints. Among the products there will be digital and laser systems, air-purification paints, last generation facade and roofing materials, and the eye-catching facade lighting. The forum will joined by fully operational branch organizations such as – the Chamber of Architects in Bulgaria (CAB), the Bulgarian Construction Chamber (BCC), the Chamber of Engineering Investment Design/CEID/, the Bulgarian Association for Construction Insulation (BACI), the Bulgarian Doors, Windows and Facades Association, the Bulgarian Council for Sustainable Development, the Association of Professional Landscapers in Bulgaria ,educational institutions.

This year's exhibition hosts a rich accompanying program. On March 7th, there will be presented the latest project of the Bulgarian Council for Sustainable Development – the platform for smart materials and green construction - Green Constructor.

Visions for the future and high technology in construction will be the focus of the first edition of the HTB Conference to be held on March 8th. The Chamber of Architects in Bulgaria and the Bulgarian Doors, Windows and Facades Association will hold their general meetings of members on 9 March.

Water and Energy 2019

Nikolay Nankov,Deputy Minister of Regional Development and Public Works and Krasimir Zhivkov, Deputy Minister of Environment and Water , in the framework of the Conference WATER AND ENERGY , will open on March 6 at 9:00 am, the 13th edition of WATER TECH EXPO - the only Bulgarian exhibition in the water sector. They will participate in the traditional conference BULAQUA, organized by the Bulgarian Water Association. This year’s topic is "Water and Energy". The main focus will be on "Water and Energy Saving". Participants will learn more about the experience of Greece and Albania.

WATER TECH EXPO 2019 will focus on water treatment products and technologies in the industrial sectors. Among them, a major share is taken by the technologies for water purification in agriculture, food, energy, textiles, pharmaceutics. Leading brands in the water sector solutions from Bulgaria, Romania, Croatia, Italy, Austria, Germany will offer new and successful products and systems. WATER TECH EXPO will be attended by the industrial water purification leaders from IWAKI Pumps, Robushi, Flygt, of pumps for all purposes by Grundfos, Xylem, filtration and sludge solutions by Leopold, Filtration Group, ozone and UV systems by Wedeco.

SECURITY EXPO 2019 – a new momentum for physical and digital security

On March 6, at 14:30, the 26th edition of SECURITY EXPO- the only Bulgarian security and high-tech exhibition,will be officially opened. It will be co-organized by Inter Expo Center and the Bulgarian Chamber of Commerce and Industry. The official opening ceremony will be attended by : Milko Berner, Deputy Minister of the Interior, Chief Commissioner Nikolay Nikolov, Director of the Fire Safety and Population Protection Directorate, and Mladen Petrov, Director of Communications and Information Systems Directorate at the Ministry of Interior.

New systems for video surveillance, access control, voice announcement, new generation alarm systems, fire extinguishing modules in cargo electric vehicles, drug and explosion detectors, solutions for protection of ATMs against robbery cover all aspects of physical security. At SECURITY EXPO 2019 security will step forward into a new dimension of the digital world. On March 6, the key focus will be on secure digital payments during the second conference SECURITY OF DIGITAL PAYMENTS organized by Inter Expo Center. They will have partners such as ACFE Bulgaria, the Bulgarian Fintech Industry and the Bulgarian Association of Software Companies.

On March 7, experts from the Cluster Information Security and the Bulgarian Association of Certified Ethnic Hackers will review the threats to information systems and networks by simulating real hacker attacks. During the accompanying program, there will be intriguing demonstrations for the professional audience from all sectors - security, construction, finance, transport, telecom, tourism, agriculture. The high-tech demo truck by HIKVISION will monitor everything around, while the ALKE truck will demonstrate its benefits. Complex solutions for smart homes and offices can be seen by the businesses in a special smart zone. The exhibition will be attended by leading companies in the security sector, presenting nearly 100 global brands and products.

SECURITY EXPO will be held under the patronage of the Ministry of Interior. Sofia Municipality will be a partner, presenting the " Emergency Response And Prevention “Directorate at the Sofia Municipality, which will join the programme with a presentation. The Defense Institute "Prof. Tsvetan Lazarov will be a partner of the exhibition.

In carrying out its activity, Inter Expo Center Ltd., UIC 121122275, with headquarters and address of management in Sofia , processes information, which is personal data. Privacy is of utmost importance to us. This Policy aims to lay down rules relating to:

• Mechanisms of data protection processed by Inter Expo Center Ltd. (data controller) • Designation of processors and persons who have access to personal data and work under the guidance of personal data processors, as well as their responsibility for non-fulfillment of these obligations relating to the processing and protection of personal data, their rights and obligations. • The necessary technical and organizational measures to protect personal data from unauthorized processing (accidental or unlawful destruction, accidental loss, unauthorized access, alteration or dissemination) and any other illegal processing of personal data. • Actions to protect against accidents, industrial and natural disasters. • The rules on the provision of personal data to the data subject and to third parties. • Time limits for periodic reviews regarding the necessity for data processing and erasure. • The rules for data destruction or providing data to another controller • The Procedure for notifying the personal data protection Commission for personal data breach.

A controller may provide for one or more persons with personal data access rights to be responsible for coordinating and implementing the protection measures.

PERSONAL DATA PROCESSORS

Access to personal data is only available to persons whose duties or specific tasks require such access. All personal data processors are responsible for complying with personal data access restrictions and are personally responsible for violating the privacy, integrity and availability of personal data, except in cases of force majeure. The controller and / or the persons authorized by him / her shall have the following powers: To provide the organization of keeping the records according to the provided measures to ensure adequate protection. To monitor the observance of the specific measures for access protection and control according to the specificity and the level of protection of the kept records. To perform control over compliance with the requirements for the records protection. To keep in touch with the Personal Data Protection Commission on the measures taken and the means of protection of the records and the submitted applications for personal data access. This power is granted exclusively to the Manager of Inter Expo Center Ltd.. To specify the technical resources applied to the processing of personal data. To observe the organizational procedures for the processing of personal data and the observance of controlled access to the personal data carriers. To conduct periodic monitoring of compliance with data protection requirements and, in case of detected irregularities, shall take measures to eliminate them.

Access to the personal data stored in the Records shall be restricted to those employees whom such access is necessary for the performance of their duties. Personal data is protected by disclosure to third parties. Third parties may only have access to such information if they have such a statutory right or otherwise entitle them to do so.

These Internal Rules shall be compulsory for all Controller employees as long as they are involved in the processing of personal data in records and for other persons who have permanent or temporary access to personal data from all records.

Authorized employees entrusted with the processing of personal data from the Records shall:

• process the personal data in a lawful and fair manner; • use personal data accessed by them in accordance with the purposes for which they are collected and shall not to further process them in a manner that is incompatible with those purposes; • update the personal data records (if necessary); • erase or rectify personal data when it is found to be inaccurate or disproportionate to the purposes for which it is being processed; • keep personal data in a form that permits identification of the natural persons concerned for no longer than is necessary for the purposes for which such data are being processed; • observe the present Policy. Any subject whose personal data will be processed by the controller should be notified of: • the data identified by the controller; • the purposes of processing of the personal data and legal bases for the processing of personal data; • the categories of personal data relating to the relevant natural person that is a data subject; • the recipients or categories of recipients to whom the data may be disclosed; • information on the rights under Art. 15-22 of Regulation 2016/679, including the right of access and the right to rectify the collected data

Inter Expo Center Ltd. can store the categories of personal data contained in the records in paper and / or electronic media in compliance with the applicable legislation and the necessary protection measures.

The personal data in the Records shall be kept for the period necessary for the performance of the duties of Inter Expo Center Ltd., depending on the respective record, the personal data category and the purposes for processing them. Personal data shall not be kept longer than is necessary to protect the legitimate interests of the Administrator or for accounting purposes or in accordance with the requirements of the applicable law. The processed data shall be destroyed after expiration of the storage period in accordance with the requirements set out in this Policy.

The storage periods for each record are defined as follows:

1. Staff Record - 50 years; 2. Counterparts Record - for the period required to manage the relationship with the provider, as long as necessary for the accounting purposes of the Personal Data Controller and / or for the performance of legal obligations of the Manager of Inter Expo Center Ltd. but for no longer than 10 years; 3. Visitors Record - for the period required to manage the relationship with the Visitor, as long as necessary for the purposes of the Personal Data Controller and / or for the performance of legal obligations of the Manager of Inter Expo Center Ltd. but for no longer than 10 years; 4. Video Surveillance Registry - 30 days, except when video surveillance records need to be kept beyond the specified period for the purposes of investigating crimes or violations for which Inter Expo Center Ltd. shall notify the investigative body - the police, the prosecutor's office, the Personal Data Protection Commission and others. 5. Job Applicants Record - 45 days.

The manager of Inter Expo Center Ltd. issues an order to determine the persons handling personal data, their powers in relation to the protection of the processed personal data, their rights and duties.

The manager of Inter Expo Center Ltd. and / or the persons authorized by him shall have the following powers:

Provide the record keeping organization, according to the envisaged measures to ensure adequate protection; Monitor the observance of specific measures for protection and access control according to the specificity and level of protection of the maintained records; Perform control over compliance with the requirements for protection of records; Keep in contact with the Personal Data Protection Commission on the measures taken and the means of protection of the records and the submitted personal data applications. This power is granted exclusively to the Manager of Inter Expo Center Ltd.; Specify the technical resources applied to the processing of personal data; Ensure compliance with the organizational procedures for the processing of personal data and for the observation of controlled access to the data carriers;

They perform periodic monitoring of compliance with data protection requirements and, in case of detected irregularities, they take corrective actions.

Access to the personal data stored in the Records shall be restricted only to the employees of Inter Expo Center Ltd., where such access is necessary for the fulfillment of their official duties, as well as for the fulfillment of business purposes, strictly observing the need-to-know principle, i.e. in accordance with his rights and duties under a job description and / or a contract for the relevant legal relationship with Inter Expo Center Ltd.). In particular, these officers shall be authorized on the need-to-know principle by an order.

Access to the processing of personal data to other employees is limited to cases where they are explicitly granted such access rights and in accordance with the need-to-know principle. In that case, the right of access shall be granted on a case-by-case basis by the department where the authorized employee is involved, with explicit authorization specifying the personal data and purposes for which the access is granted, as well as the period for which it is provided.

Personal data processed by Inter Expo Center Ltd. is protected against disclosure to third parties. Third parties may have access to such information only if they have such statutory powers or such a right is given to them on other grounds.

Disclosure of such information must be expressly authorized by the Inter Expo Center Ltd Manager, by taking appropriate measures to ensure compliance with the personal data legislation as well as compliance with the obligation of confidentiality and security of transmission of any data exchange.

This Policy is mandatory for all employees of Inter Expo Center Ltd. insofar as they are involved in the processing of personal data in the above records, and for other persons who have permanent or temporary access to personal data from all records.

Authorized employees entrusted with the processing of personal data by the Records shall:

• process the personal data in a lawful and fair manner; • use personal data accessed by them in accordance with the purposes for which they are collected and shall not to further process them in a manner that is incompatible with those purposes; • update the personal data records (if necessary); • erase or rectify personal data when it is found to be inaccurate or disproportionate to the purposes for which it is being processed; • keep personal data in a form that permits identification of the natural persons concerned for no longer than is necessary for the purposes for which such data are being processed; observe the present Policy. Organizational and technical protection measures Physical protection of personal data contained in the Records. Organizational measures: Defining Controlled Access Areas; All physical areas with paper and electronic records are kept and restricted only to employees who need access through the "need to know" principle in order to perform their duties. All records and documents in paper form containing personal data are locked in lockers that are locked in a restricted room accessible only by authorized personnel. Data is protected by the use of physical access control tools such as access control through smart cards. All premises where paper data is stored are located in restricted areas and are protected by access control, smart cards, lockers, or the like. Electronic media, including servers, are similarly protected in controlled areas. Personal data shall be processed in a non-public part of the premises which is physically restricted and accessible only by staff for whom access is necessary for the performance of their duties. Communication and information systems used for the processing of personal data are separated from the areas accessible to outside persons and are physically protected, as access is limited to those employees who require such data access for the performance of their duties. Physical access to restricted areas, including those with information systems (computers, servers), is only possible through access control doors via smart cards. Access shall be granted only to staff that is directly entrusted with the task, in order to perform their duties.

Knowledge of the legal framework in the field of personal data protection shall be provided in the training program, which has to be passed by the employees and shall be organized by Inter Expo Center Ltd. They are required to read and understand these internal rules upon engagement and to update their knowledge of data protection at least once a year. Familiarization with these internal rules shall be done upon signed acknowledgement. Sharing critical information between staff (e.g., identifiers, access passwords, etc.) is prohibited except in cases of force majeure. Training. Employees must undergo personal data protection training immediately after recruitment and at least once a year. Personnel training for events threatening the data security shall be provided in a training program that the employees must get through immediately after recruitment and at least once a year. The employees are instructed to immediately notify their supervisor if they have any doubts or are aware of a threat to the security of their personal data.

Documentary protection

Defining the conditions for personal data processing

Personal data shall be collected only for a specific purpose in order to support the legitimate interests of the data controller or, to the extent necessary, to comply with the legal obligations of the data controller. Each type of data is classified according to its purpose and nature and is protected in accordance with the requirements set forth above.

Regulation of access to records

Access to records is limited and is only available to authorized personnel, in accordance with the Need to Know principle.

Control of access to records

Access to data shall be limited only to the specific, minimum necessary data required for the employee to perform his / her duties.

Setting periods for storing personal data

Data storage is in line with the purposes for which the data were collected and the statutory time limit.

Personal data shall be stored as long as is necessary to achieve the purpose for which they were collected or as required by the applicable law. For example, data from the Staff Records is processed for 50 years after the termination of the legal relationship, in accordance with Bulgarian legislation. After the expiration of the set period or in case of elimination of the legal basis, the data must be destroyed following a procedure and in a safe manner.

Rules for the reproduction and dissemination of personal data

Personal data can only be copied and disseminated by authorized personnel only if it is necessary for juridical purposes, and only be made available to persons that are in need of them in order to fulfill an assignment.

Unauthorized copying and dissemination is the subject of official sanctions, depending on the seriousness of the offense, including termination of employment / civil relationships.

Destruction procedures

Paper-based documents containing personal data must be destroyed in a safe way when they are no longer needed, by shredding or by incineration. Every employee and head of department who is in possession of such documents is responsible for the safe destruction of the documents. For each destruction a special order is issued to the Manager of Inter Expo Center Ltd. and a proper protocol for destruction is drawn up. Protection of automated information systems and / or networks

Identification and authentication

In order to introduce a "Need to Know" approach, Inter Expo Center Ltd. requires its employees to apply unique user accounts and personal passwords for each user with a network access account. Employees are personally responsible for the proper use of their user accounts and passwords.

Records management.

The Manager of Inter Expo Center Ltd. Shall issue an order nominating the units of the administration responsible for the management of the records and only a limited number of employees may have access to the data contained in the records according to the need-to-know principle.

Employees with access to records are appointed by the Manager when necessary.

Virus protection

Inter Expo Center Ltd.. creates and maintains standard and secure configurations for each computer and network platform with which it operates. The system software is controlled and maintained by authorized persons. Inter Expo Center Ltd. works with versions of approved antivirus software. Users should not refuse automated software processes that update virus signature. Antivirus software screening should be used to scan all software and data files coming from or to third parties or other employees of Inter Expo Center Ltd. Employees should not avoid or exclude scanning of processes that could prevent the transmission of computer viruses.

Hard disks, flash drives and other magnetic media used by an infected computer should not be used on another computer until the virus has been successfully removed.

The infected computer must be immediately isolated from the internal networks.

Antivirus logs should be kept for at least seven 7 days.

Sanctions and liability

Any intentional violation of the rules and limitations of access to personal data by employees of Inter Expo Center LTD. may be grounds for imposing disciplinary sanctions, including dismissal.

ADDITIONAL PROVISIONS

§ 1. For the purposes of this instruction:

1."Personal data" means any information relating to an identified or identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This person is called data subject.

2.‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

4. "Personal data record" means any structured set of personal data accessed according to specific criteria, whether centralized, decentralized or distributed according to a functional or geographic basis. 5. "Counterpart" is a commercial company that has entered into a contract with Inter Expo Center Ltd. for carrying out a particular activity. 6. “Data subject " shall be any person acting under the supervision of the Manager of Inter Expo Center Ltd. or of the processor who has access to personal data, he may process them only at the instruction of the Manager, unless otherwise provided the law.

TRANSITIONAL AND FINAL PROVISIONS

§ 2. As far as processing and protection of personal data is concerned, all internal procedures of the document flow of Inter Expo Center Ltd. shall be in accordance with the provisions of the PDPA and the current internal rules.

§ 3. This Policy is obligatory for all employees and other persons employed under civil contracts by Inter Expo Center Ltd. and they are obliged to observe it.

§ 4. The control over the implementation of this Policy is exercised by the Manager of Inter Expo Center Ltd. and / or by the officials authorized by him.

§ 5. Amendments to this Policy shall be made in the order of issuance and approval.

§ 6. This Policy repeals the instruction on the measures and means of protection of personal data collected, processed, stored and provided by Inter Expo Center Ltd. and shall enter into force since 25.05.2018.